Re: mod_ssl vs Apache-SSL
On Fri, Mar 02, 2001, [EMAIL PROTECTED] wrote: [...] In my opinion, this is one of the best support lists I've ever seen, although I think it would be safe to say that it is very difficult to elicit a response from Ralf (I've never had a reply regarding removing broken RPMs from the ftp site, for example). Please don't take offence Ralf, I realise you are very busy. [...] Yes, I know that (mainly because of my participation in lots of other Open Source projects and the fact that my own little family claims more and more time from me) since a longer time I'm no longer being able to participate _actively_ in modssl-users discussions. Nevertheless I monitor modssl-user on a regular basis and try to take your wishes into account for the next maintainance releases (that's why 2.8.1 was delayed two days because I wanted to integrate parts of the posted Win32 patches). So, don't be unhappy that I personally cannot respond, because we have other really great guys here who do an even better job in answering questions than I ever would be able to do. Yours, Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: mod_ssl vs Apache-SSL
-Original Message- From: Robert Covell [mailto:[EMAIL PROTECTED]] Sent: 01 March 2001 16:57 To: [EMAIL PROTECTED] Subject: mod_ssl vs Apache-SSL A few questions on mod_ssl vs Apache-SSL. Just to say up front that email this is not intended to start a Flame War on the two SSL implementations. We just want to make an educated decision now for the future. Our current setup is on Stronghold and want to migrate to either a mod_ssl or Apache-SSL setup. I have searched both sites and several other areas for pros and cons on each and have found very little beyond the memory management that mod_ssl and Apache-SSL use. Can someone provide any pros and cons for each? Why one should go one way verses the other? This is probably the wrong place to ask such a question, since almost everyone on this list is using mod_ssl. However, I can give you my personal experience, which I hope won't be taken personally by the people involved. Initially I set up a secure site for our organisation so that we could take donations. Our webmaster at the time was about to pay a ridiculous amount of money to a third party to set this up. (In fact, we've probably received this amount of money in donations with our current system). I believe this was before mod_ssl was launched, so we started with Apache-SSL. However, I noticed that the version we had of Apache-SSL was running behind the current version of Apache. I think I then tried to apply the Apache-SSL patches to Apache 1.3.6 (we were running 1.2.6 at the time), but could not get it to compile. I contacted Ben Laurie, the author of Apache-SSL, but he wasn't able to help me, probably due to pressures of time that we all have. I was on the verge of giving up when I was contacted by one of the maintainers of the RPMs for mod_ssl who suggested I gave it a go. I was able to install it via RPMs and haven't gone back since. Now I'm a bit wiser about how RPMs work (having put a lot of time into building them etc), I'm sometimes able to help out with issues regarding them. I do prefer them to compiling binaries, because it is far easier for me to document what I have installed and how to upgrade it. (Some of the people I work with don't even know what "make" is). In my opinion, this is one of the best support lists I've ever seen, although I think it would be safe to say that it is very difficult to elicit a response from Ralf (I've never had a reply regarding removing broken RPMs from the ftp site, for example). Please don't take offence Ralf, I realise you are very busy. Thankfully though, there are people like Mads and Owen who will respond to support issues quickly. I personally try to save them the bother whenever the old chestnut about named-based SSL configuration comes up. However, it may appear sometimes that all of us are a bit curt in our replies, but it's best not to get worked up about it. There's plenty of other things to get worked up about! One postscript. It is scary to see how many sites are running old versions of Apache. I've even seen some sites still running Apache 1.2.6. I won't name them as I don't wish to incite "hackers". They don't need any more encouragement. - John Airey Internet Systems Support Officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
mod_ssl vs Apache-SSL
A few questions on mod_ssl vs Apache-SSL. Just to say up front that email this is not intended to start a Flame War on the two SSL implementations. We just want to make an educated decision now for the future. Our current setup is on Stronghold and want to migrate to either a mod_ssl or Apache-SSL setup. I have searched both sites and several other areas for pros and cons on each and have found very little beyond the memory management that mod_ssl and Apache-SSL use. Can someone provide any pros and cons for each? Why one should go one way verses the other? Thanks for your input... Sincerely, Robert T. Covell President / Owner Rolet Internet Services, LLC Web: www.rolet.com Email: [EMAIL PROTECTED] Phone: 816.210.7145 Fax: 816.753.1952 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl vs Apache-SSL
On Thu, Mar 01, 2001 at 10:56:36AM -0600, Robert Covell wrote: A few questions on mod_ssl vs Apache-SSL. Just to say up front that email this is not intended to start a Flame War on the two SSL implementations. We just want to make an educated decision now for the future. Our current setup is on Stronghold and want to migrate to either a mod_ssl or Apache-SSL setup. I have searched both sites and several other areas for pros and cons on each and have found very little beyond the memory management that mod_ssl and Apache-SSL use. Can someone provide any pros and cons for each? Why one should go one way verses the other? Take a look at: http://www.modssl.org/docs/apachecon2000/slide-002-n.html If you know Stronghold, then mod_ssl will be an easy switch. vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl vs Apache-SSL
A few questions on mod_ssl vs Apache-SSL. Just to say up front that email this is not intended to start a Flame War on the two SSL implementations. We just want to make an educated decision now for the future. this may or may not effect you, but apache-ssl doesn't seem to integrate very well with mod-rewrite. mod-ssl appears to be much more useful. seph __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl vs Apache-SSL
I am also in the process of converting from Stronghold to a secure Apache environment, for reasons of keeping au courant, the friendly and effective support I have experienced from many people in this group, and of course the cost over 3 servers. The best single answer to your question, from my experience, is that the mod_ssl pulls out the actual SSL functionality and places them in a module so you can load dynamically if you want to. But as a Stronghold user, you will be very familiar with mod_ssl services. Its just that now you will have a fine measure of control. The only real problem I experienced was the old bugaboo of randomness but that has now been resolved for me with the excellent prngd solution. I wish you well. You won't be disappointed. George Walsh, Managing Director, DSC Directional Services Corp, Travel Seewise pacific Corp, Vancouver, Canada [EMAIL PROTECTED] wrote: On Thu, Mar 01, 2001 at 10:56:36AM -0600, Robert Covell wrote: A few questions on mod_ssl vs Apache-SSL. Just to say up front that email this is not intended to start a Flame War on the two SSL implementations. We just want to make an educated decision now for the future. Our current setup is on Stronghold and want to migrate to either a mod_ssl or Apache-SSL setup. I have searched both sites and several other areas for pros and cons on each and have found very little beyond the memory management that mod_ssl and Apache-SSL use. Can someone provide any pros and cons for each? Why one should go one way verses the other? Take a look at: http://www.modssl.org/docs/apachecon2000/slide-002-n.html If you know Stronghold, then mod_ssl will be an easy switch. __ Get your own FREE, personal Netscape Webmail account today at http://webmail.netscape.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
mod_ssl vs. Apache-SSL in Slashdot
Slashdot asks what is better: mod_ssl or Apache-SSL: http://slashdot.org/article.pl?sid=99/12/22/1711203mode=thread -- Eli Marmor __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl vs. Apache-SSL
On Tue, Dec 21, 1999, Thomas G. Peroulas wrote: I must enable my Apache server with SSL capability. I am considering Apache-SSL and mod_ssl. I am running an Apache web server using Perl CGI (OpenSSL 0.9.4 and Net::Crypt-SSLeay.pm) to pass https applications. Of course I can't pass https until I enable SSL on Apache. Perhaps you can help me with the following: 1. Should I use mod_ssl or Apache-SSL and why? You should decide this on your own, please. I recommend you to compare them yourself first (do a quick installation of both) and then make a reasonable decision for _your_ situation (one cannot give a general answer, the decision will certainly dependent on your situation). Keep in mind: on security issues one always should at least have an own opinion first... 2. May I use either of the two commercially in the United States? Whether commercially or not is not the question for the US. The question for the US is whether you have the RSA license. You need one in the US, at least for the next 10 months until RSA patent expires. Because of this you should also add the commercial SSL solutions for Apache to the evaluation point under 1) because they provide you with a more or less cheap RSA license. 3. If I cannot use these commercially in the states, would anyone recommend the IBM http server? As I said, commercially or not is not important here. 4. Does anyone know offhand if the IBM http server is compatible with mod_perl? If the IBM server allows you to recompile Apache from source, you can use mod_perl, too. Else it becomes tricky (either you need a pre-built version from IBM with mod_perl added or you need some pre-built mod_perl DSOs, etc.) Ask IBM what they provide. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]